What You'll DoAs a member of the IT Audit team, you'll work closely with teams across our Technology organization to learn about our custom systems and assess McMaster-Carr's IT security controls. Our internal audit team brings creativity and critical thinking to each project while building strong relationships with technology leaders. While we use leading enterprise security tools, the vast majority of the systems that run our business are custom-built and continuously evolving-requiring auditors to apply security principles and professional judgment rather than relying on standardized, checklist-based assessments. Because of this bespoke environment, assessing controls requires a strong foundation in security principles and the curiosity to learn about and assess the company's practices for meeting its security goals.
As an integral member of our internal audit team, you'll play a key role in high-impact work.
- Conduct audits independently from planning through reporting. Communicate findings and recommendations clearly and focus on helping teams strengthen security and operations. You'll serve as a risk and controls expert, partnering with Technology leaders to assess the effectiveness of IT security controls that protect the business.
- Build trusted partnerships with technology leaders. While you'll gain exposure to many different teams, you'll frequently work with members of the security, mainframe, and infrastructure teams. By gaining and demonstrating an understanding of their systems and tools, you'll develop trust with the subject matter experts and enable collaboration that makes deep audit work possible.
- Develop deep knowledge of McMaster-Carr's custom-built systems. From McMaster.com to payment processing to internal infrastructure, you'll devise practical test plans to assess how controls protect the business. You'll work directly with subject matter experts to understand which servers handle sensitive data, how access is controlled, and how encryption is applied at each stage.
- Use critical thinking in the application of security frameworks to our technology environment. Whether assessing our security controls holistically or completing the PCI assessment of credit card data flows, we carefully consider our internal context and the intended security goal of the relevant framework to determine whether our processes align with the framework's guidance.
- Help shape a growing IT audit function by influencing audit topics, following curiosity into new areas, and connecting insights across engagements.
Who You AreWe are seeking bright, curious, and ambitious individuals eager to make an impact. Ideal candidates have:
- 5+ years of relevant work experience, including at least 3 years in an audit role, with recent experience auditing security controls
- A 4-year degree
- A certification in audit or cybersecurity
- Experience assessing security controls, with working knowledge of topics such as firewalls and network segmentation, incident response management, security configurations, logging and monitoring, backup and recovery practices, and user access management
- The ability to engage quickly with unfamiliar technology environments, ask astute questions, and apply audit judgment in settings without rigid policies or standard playbooks
- Exceptional communication and analytical skills--able to synthesize technical concepts, explain risk clearly, and connect ideas across different audits and systems
BenefitsCash CompensationTotal cash compensation generally ranges from $200,000 - $259,000 and includes profit sharing based on company performance.
Growth & Learning- 100% tuition reimbursement
- Informal and formal mentorship
- Employee resource groups
Health & Wellbeing- Medical, dental, pharmacy, and vision plans with no monthly premiums
- Inclusive, all-gender benefits
Family & Future- Paid parental leave for all new parents
- Adoption and surrogacy assistance
- First-time home buyer assistance
- Industry-leading company-funded retirement accounts
Time Off- Paid vacation and personal time
